admin/usergroup.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar [#]version[#]
   5 || # Copyright ©2002-[#]year[#] Blue Static
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version [#]gpl[#] of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 require_once('./global.php');
  23 require_once('./includes/api_usergroup.php');
  24
  25 require_once('./includes/class_api_error.php');
  26 APIError(array(new API_Error_Handler($admin), 'admin_error'));
  27
  28 NavLinks::usersPages();
  29 $navigator->set_focus('tab', 'users', null);
  30
  31 if (!can_perform('canadmingroups'))
  32 {
  33         admin_login();
  34 }
  35
  36 // ###################################################################
  37 // define permissions as groups
  38
  39 $permissions = array(
  40         _('General Permissions') => array(
  41                 'canviewbugs' => _('Can View Bugs'),
  42                 'canviewhidden' => _('Can View Hidden Bugs and Comments'),
  43                 'canviewownhidden' => _('Can View Own Hidden Bugs'),
  44                 'cansearch' => _('Can Search Bugs'),
  45                 'cansubscribe' => _('Can Subscribe to Bugs'),
  46                 'canbeassignedto' => _('Can Be Assigned Bugs')
  47         ),
  48
  49         _('Posting/Submitting Permissions') => array(
  50                 'canvote' => _('Can Vote on Polls'),
  51                 'cansubmitbugs' => _('Can Submit Bugs'),
  52                 'canpostcomments' => _('Can Post Comments'),
  53                 'cangetattach' => _('Can View Attachments'),
  54                 'canputattach' => _('Can Upload/Edit Own Attachments'),
  55                 'caneditattach' => _('Can Manage All Attachments')
  56         ),
  57
  58         _('Moderation/Managment Permissions') => array(
  59                 'caneditown' => _('Can Edit Own Bugs'),
  60                 'caneditother' => _('Can Edit Others\' Bugs'),
  61                 'caneditownreply' => _('Can Edit Own Comments'),
  62                 'caneditotherreply' => _('Can Edit Others\' Comments'),
  63                 'canassign' => _('Can Assign Bugs'),
  64                 'canchangestatus' => _('Can Change Status'),
  65                 'candeletedata' => _('Can Delete Bugs and Comments')
  66         ),
  67
  68         _('Administrator Permissions') => array(
  69                 'canadminpanel' => _('Can Access Control Panel'),
  70                 'canadminbugs' => _('Can Administer Bug Reports'),
  71                 'canadminfields' => _('Can Administer Additional Bug Fields'),
  72                 'canadminversions' => _('Can Administer Products / Components / Versions'),
  73                 'canadminusers' => _('Can Administer Users'),
  74                 'canadmingroups' => _('Can Administer Usergroups'),
  75                 'canadmintools' => _('Can Administer Settings / Maintenance Tools')
  76         )
  77 );
  78
  79 // ###################################################################
  80
  81 if (empty($_REQUEST['do']))
  82 {
  83         $_REQUEST['do'] = 'modify';
  84 }
  85
  86 // ###################################################################
  87
  88 if ($_REQUEST['do'] == 'kill')
  89 {
  90         $usergroup = new UsergroupAPI($bugsys);
  91         $usergroup->set('usergroupid',  $bugsys->in['usergroupid']);
  92         $usergroup->set_condition();
  93         $usergroup->delete();
  94
  95         $admin->redirect('usergroup.php?do=modify');
  96 }
  97
  98 // ###################################################################
  99
 100 if ($_REQUEST['do'] == 'delete')
 101 {
 102         if ($bugsys->in['usergroupid'] < 7)
 103         {
 104                 $admin->error(_('You can\'t delete a default usergroup.'));
 105         }
 106
 107         $admin->page_confirm(_('Are you sure you want to delete this usergroup? All users in this group will be set back to the default registered usergroup (id: 2).'), 'usergroup.php', 'kill', array('usergroupid' => $bugsys->in['usergroupid']));
 108 }
 109
 110 // ###################################################################
 111
 112 if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit')
 113 {
 114         $add = (($_REQUEST['do'] == 'add') ? true : false);
 115         $edit = (($_REQUEST['do'] == 'edit') ? true : false);
 116
 117         if ($edit)
 118         {
 119                 NavLinks::usergroupsEdit($bugsys->in['usergroupid']);
 120                 $navigator->set_focus('link', 'users-pages-usergroups', 'users-pages');
 121         }
 122         else
 123         {
 124                 NavLinks::usergroupsAdd();
 125                 $navigator->set_focus('link', 'usergroups-add', 'usergroups');
 126         }
 127
 128         $admin->page_start(($add ? _('New Usergroup') : _('Edit Usergroup')));
 129
 130         $admin->form_start('usergroup.php', ($add ? 'insert' : 'update'));
 131
 132         if ($edit)
 133         {
 134                 $usergroup = new UsergroupAPI($bugsys);
 135                 $usergroup->set('usergroupid',  $bugsys->in['usergroupid']);
 136                 $usergroup->set_condition();
 137                 $usergroup->fetch();
 138
 139                 $admin->form_hidden_field('usergroupid', $usergroup->objdata['usergroupid']);
 140         }
 141         else
 142         {
 143                 $usergroup['permissions'] = 319;
 144         }
 145
 146         // Details
 147         $admin->table_start();
 148         $admin->table_head(_('Usergroup Details'));
 149         $admin->row_input(_('Usergroup Title'), 'title', $bugsys->sanitize($usergroup->objdata['title']));
 150         $admin->row_input(_('Display Title<div><dfn>This is the title that others will be able to see when comments are posted.</dfn></div>'), 'displaytitle', $bugsys->sanitize($usergroup->objdata['displaytitle']));
 151         $admin->table_end();
 152
 153         // Permission
 154         $admin->table_start();
 155
 156         $admin->table_head(_('Permission Settings'));
 157
 158         foreach ($permissions AS $group => $settings)
 159         {
 160                 $admin->row_span($group, 'thead', 'center');
 161                 foreach ($settings AS $setting => $name)
 162                 {
 163                         $admin->row_yesno($name, "perm[$setting]", ($usergroup->objdata['permissions'] & $bugsys->permissions["$setting"]));
 164                 }
 165         }
 166
 167         $admin->table_end();
 168
 169         // custom field permissions
 170         $admin->table_start();
 171         $admin->table_head(_('Custom Field Permissions'));
 172
 173         if ($edit)
 174         {
 175                 $perms = $db->query("SELECT fieldid, mask FROM " . TABLE_PREFIX . "bugfieldpermission WHERE usergroupid = " . $usergroup->objdata['usergroupid']);
 176                 while ($perm = $db->fetch_array($perms))
 177                 {
 178                         $permissions["$perm[fieldid]"] = $perm['mask'];
 179                 }
 180         }
 181
 182         $fields = $db->query("SELECT fieldid, name FROM " . TABLE_PREFIX . "bugfield ORDER BY fieldid");
 183         while ($field = $db->fetch_array($fields))
 184         {
 185                 unset($listitem);
 186                 $admin->list_item(_('No Permission'), 0, $permissions["$field[fieldid]"] == 0);
 187                 $admin->list_item(_('Can View Field'), 1, $permissions["$field[fieldid]"] == 1);
 188                 $admin->list_item(_('Can View, Edit Field'), 2, $permissions["$field[fieldid]"] == 2);
 189                 $admin->row_list($field['name'], "custom[$field[fieldid]]");
 190         }
 191
 192         $admin->table_end();
 193
 194         // Submit
 195         $admin->table_start();
 196         $admin->row_submit();
 197         $admin->table_end();
 198
 199         $admin->form_end();
 200
 201         $admin->page_end();
 202 }
 203
 204 // ###################################################################
 205
 206 if ($_POST['do'] == 'insert')
 207 {
 208         $bugsys->input_clean('perm', TYPE_UINT);
 209         foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch)
 210         {
 211                 $permissionvalue += $bugsys->permissions["$permtitle"] * $binaryswitch;
 212         }
 213
 214         $usergroup = new UsergroupAPI($bugsys);
 215         $usergroup->set('title',                $bugsys->in['title']);
 216         $usergroup->set('displaytitle', $bugsys->in['displaytitle']);
 217         $usergroup->set('permissions',  $permissionvalue);
 218         $usergroup->insert();
 219
 220         $bugsys->input_clean('custom', TYPE_UINT);
 221         if (is_array($bugsys->in['custom']))
 222         {
 223                 foreach ($bugsys->in['custom'] AS $fieldid => $mask)
 224                 {
 225                         $values[] = $usergroup->insertid . ", " . $bugsys->clean($fieldid, TYPE_UINT) . ", " . $mask;
 226                 }
 227         }
 228
 229         if (is_array($values))
 230         {
 231                 $db->query("
 232                         INSERT INTO " . TABLE_PREFIX . "bugfieldpermission
 233                                 (usergroupid, fieldid, mask)
 234                         VALUES
 235                                 (" . implode("\n\t\t\t", $values) . "
 236                         )"
 237                 );
 238         }
 239
 240         $admin->redirect('usergroup.php?do=modify');
 241 }
 242
 243 // ###################################################################
 244
 245 if ($_POST['do'] == 'update')
 246 {
 247         $bugsys->input_clean_array(array(
 248                 'perm'                  => TYPE_UINT,
 249                 'usergroupid'   => TYPE_UINT,
 250                 'custom'                => TYPE_UINT
 251         ));
 252         $bugsys->input_clean('perm', TYPE_UINT);
 253         foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch)
 254         {
 255                 $permissionvalue += $bugsys->permissions["$permtitle"] * $binaryswitch;
 256         }
 257
 258         $usergroup = new UsergroupAPI($bugsys);
 259         $usergroup->set('usergroupid',  $bugsys->in['usergroupid']);
 260         $usergroup->set_condition();
 261         $usergroup->set('title',                $bugsys->in['title']);
 262         $usergroup->set('displaytitle', $bugsys->in['displaytitle']);
 263         $usergroup->set('permissions',  $permissionvalue);
 264         $usergroup->update();
 265
 266         $bugsys->input_clean('custom', TYPE_UINT);
 267         if (is_array($bugsys->in['custom']))
 268         {
 269                 foreach ($bugsys->in['custom'] AS $fieldid => $mask)
 270                 {
 271                         $values[] = $usergroup->values['usergroupid'] . ", " . $bugsys->clean($fieldid, TYPE_UINT) . ", " . $mask;
 272                 }
 273         }
 274
 275         if (is_array($values))
 276         {
 277                 $db->query("
 278                         REPLACE INTO " . TABLE_PREFIX . "bugfieldpermission
 279                                 (usergroupid, fieldid, mask)
 280                         VALUES
 281                                 (" . implode("),\n\t\t\t(", $values) . ")"
 282                 );
 283         }
 284
 285
 286         $admin->redirect('usergroup.php?do=modify');
 287 }
 288
 289 // ###################################################################
 290
 291 if ($_POST['do'] == 'doapprove')
 292 {
 293         $bugsys->input_clean('approve', TYPE_UINT);
 294
 295         $idlist = array();
 296         if (is_array($bugsys->in['approve']))
 297         {
 298                 foreach ($bugsys->in['approve'] AS $id => $yesno)
 299                 {
 300                         if ($yesno > 0)
 301                         {
 302                                 $idlist[] = $bugsys->clean($id, TYPE_UINT);
 303                         }
 304                 }
 305         }
 306
 307         if (sizeof($idlist) > 0)
 308         {
 309                 // TODO - maybe send some kind of email?
 310                 $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE userid IN (" . implode(',', $idlist) . ")");
 311         }
 312
 313         $admin->redirect('usergroup.php', _('The selected users have been promoted to the "Registered" usergroup.'));
 314 }
 315
 316 // ###################################################################
 317
 318 if ($_REQUEST['do'] == 'approve')
 319 {
 320         NavLinks::usergroupsAdd();
 321         $navigator->set_focus('link', 'usergroups-approve', 'usergroups');
 322
 323         $admin->page_start(_('Moderate Awaiting Users'), 3);
 324
 325         $admin->form_start('usergroup.php', 'doapprove');
 326         $admin->table_start();
 327         $admin->table_head(_('Moderate Un-Approved Users'), 3);
 328
 329         $admin->table_column_head(array(_('Username'), _('Usergroup'), _('Approve')));
 330
 331         $users = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE usergroupid IN (3, 4)");
 332         while ($user = $db->fetch_array($users))
 333         {
 334                 $admin->row_multi_item(array(
 335                         '<a href="user.php?do=edit&amp;userid=' . $user['userid'] . '">' . $user['email'] . '</a>' => 'l',
 336                         $bugsys->datastore['usergroup']["$user[usergroupid]"]['title'] => 'c',
 337                         '<input name="approve[' . $user['userid'] . ']" type="checkbox" value="1" />' => 'c'
 338                 ));
 339         }
 340
 341         $admin->row_submit(false, ':save:', ':reset:', 3);
 342         $admin->table_end();
 343         $admin->form_end();
 344
 345         $admin->page_end();
 346 }
 347
 348 // ###################################################################
 349
 350 if ($_REQUEST['do'] == 'modify')
 351 {
 352         NavLinks::usergroupsAdd();
 353         $navigator->set_focus('link', 'users-pages-usergroups', 'users-pages');
 354
 355         $admin->page_start(_('Usergroup Manager'));
 356
 357         $admin->form_start('usergroup.php', 'null');
 358         $admin->table_start();
 359         $admin->table_head(_('Usergroup Manager'), 3, 'usergroups');
 360
 361         $groups = $db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC");
 362         while ($group = $db->fetch_array($groups))
 363         {
 364                 $usergroups["$group[usergroupid]"] = $group;
 365         }
 366         $db->free_result($groups);
 367
 368         $groups = $db->query("
 369                 SELECT COUNT(user.userid) AS total, user.usergroupid
 370                 FROM " . TABLE_PREFIX . "user AS user
 371                 LEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup USING (usergroupid)
 372                 GROUP BY usergroup.usergroupid
 373                 ORDER BY usergroup.usergroupid"
 374         );
 375         while ($group = $db->fetch_array($groups))
 376         {
 377                 $usergroups["$group[usergroupid]"]['total'] = $group['total'];
 378         }
 379
 380         $admin->table_column_head(array(_('Usergroup'), _('Number of Users'), _('Action')));
 381         foreach ($usergroups AS $group)
 382         {
 383                 $admin->row_multi_item(array("<a href=\"usergroup.php?do=edit&amp;usergroupid=$group[usergroupid]\">$group[title]</a>" => 'l', ((!$group['total']) ? '-' : $group['total']) => 'c', "<a href=\"usergroup.php?do=edit&amp;usergroupid=$group[usergroupid]\">[" . _('Edit') . "]</a>" . (($group['usergroupid'] > 6) ? "<a href=\"usergroup.php?do=delete&amp;usergroupid=$group[usergroupid]\">[" . _('Delete') . "]</a>" : '') => 'c'));
 384         }
 385
 386         $admin->table_end();
 387         $admin->form_end();
 388
 389         $admin->page_end();
 390 }
 391
 392 /*=====================================================================*\
 393 || ###################################################################
 394 || # $HeadURL$
 395 || # $Id$
 396 || ###################################################################
 397 \*=====================================================================*/
 398 ?>